running phpmyadmin on non-standard dir
António P. P. Almeida
appa at perusio.net
Fri Feb 3 16:36:23 UTC 2012
On 3 Fev 2012 16h10 WET, caldcv at gmail.com wrote:
> If you are inexperienced, do not run phpmyadmin publicly as
> /phpmyadmin or you will fall behind a security update to find your
> system compromised (and now the new member in the botnet!) I used to
> hunt botnets for a while and PhpMyAdmin was a common way to get in.
Yep. There's an FD post by the Gentoo security team that exposes what
an utter, complete wreck security-wise phpmyadmin is:
http://seclists.org/fulldisclosure/2012/Jan/39

Use Chive: http://www.chive-project.com

Don't forget to set: cgi.fix_pathinfo = 0 in the php.ini.

You're gaining something in security terms by choosing Nginx over
Apache, don't throw that under a bus by using phpmyadmin.

--- appa